NSA faces criticism as leaked cyberweapons fuel second global ransomware crisis
'Petya' ransomware took the world by storm, locking computers and demanding money.
The National Security Agency (NSA), the world's most powerful intelligence organisation, is facing mounting criticism in the wake of another global ransomware outbreak this week (27 June), with security experts concluding its recently-leaked exploits were used to fuel the attacks.
Researchers from multiple companies, including Symantec, Microsoft, FireEye and Cisco Talos, each concluded an NSA tool known as 'EternalBlue', which targets a Windows bug, was used by unknown hackers to super-power a strain of ransomware quickly dubbed Petya.
The infections, which initially hit government departments and businesses in Ukraine and Russia before spreading to more than 64 countries, reportedly also used an NSA tool known as EternalRomance.
The incident drew instant comparisons to the WannaCry ransomware outbreak in May by infecting computers and demanding $300 from victims.
Both exploits used in the latest attack were leaked in April by a group called The Shadow Brokers, which claimed to have stolen the so-called cyberweapons from an agency hacking unit called The Equation Group.
To date, the NSA has remained silent about the fallout.
One of the most outspoken critics of the leak has been former NSA contractor Edward Snowden, who blamed the situation on the stockpiling of computer exploits.
Alongside whistleblowing platform WikiLeaks, he slammed the agency for letting the bugs remain "unfixed for years."
"How many times does [the NSA's] development of digital weapons have to result in harm to civil infrastructure before there is accountability?" he tweeted on 27 June. He added that when the NSA's focus on offensive capabilities shut down hospitals it becomes "time to act."
As reported, Petya victims also included airports, shipping firms, supermarkets and governments.
"It's supposed to be the 'National Security Agency,' not 'National Surveillance Agency.' This one hurt us," Snowden added. Like WannaCry before it, the Petya strain of ransomware will remain a threat to computer systems for years to come, experts said after initial analysis.
Last month, NSA officials defended the agency's use of weapons like EternalBlue – which was not reported to Microsoft until after being stolen. One former official told the Washington Post its capabilities were "unreal", with another saying it was "like fishing with dynamite."
But Microsoft president Brad Smith, in a blog post on 14 May, called out the NSA directly, saying the "stockpiling of vulnerabilities by governments" had become a problem. "Governments of the world should treat this attack as a wake-up call," he said. "They need to take a different approach."
Smith continued: "Exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen."
Not everyone agrees. Rob Graham, a security researcher, took to Twitter to counter Snowden's assertions, branding them "silly spin."
Much still remains unknown about the latest Petya incident – including the culprit responsible and the motivation for launching the online assault (if any exists). Attribution of such attacks can take months of analysis, and many experts remain predictably uncertain about sourcing.
The initial spread, however, appears to be linked to auto-updates from a Ukrainian account software known as MeDoc. "The timing of a MeDoc software update, which occurred on June 27, is consistent with initial reporting of the ransomware attack," said cybersecurity firm FireEye.
As global attacks sparked, reactions varied. Some companies shut down computer networks altogether, while the Twitter account of Ukraine tweeted: "Some of our gov agencies, private firms were hit by a virus. No need to panic, we're putting utmost efforts to tackle the issue."
© Copyright IBTimes 2024. All rights reserved.